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Claims 




NO 


Industrial applicability (IA) 
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1-34 
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2. Citations and explanations (Rule 70.7) 

The invention concerns a device, user equipment, and entities 
for authenticating a user equipment accessing a multimedia 
network through an access network where the user had already 
been authenticated. 

The problem to be solve by the invention relates to extra 
signalling required as well as extra load added on a 
multimedia network, when an additional authentication is 
required as a user wants to get access to the multimedia 
domain . 

The object of the invention is to provide an inter-domain 
authentication mechanism carrying out a cross -domain 
authentication for a given user between an access network 
domain and a multimedia domain being simpler and applicable 
where a user authentication has been carried out by the access 
network . 

Documents cited in the International Search Report: 

Dl: "Access security for IP-based services (Release 5)" 3RD 

GENERATION PARTNERSHIP PROJECT; TECHNICAL SPECIFICATION GROUP 

SERVICES AND SYSTEM ASPECTS; 3GPP TS 33,203 V5 . 6 . 0 (2003-06) 

D2: WO03056781 A 

D3: US2003159067 Al 

D4: WO02091785 A 

D5: US2001031635 A 

Document Dl is considered to represent the closest prior art. 
Dl describes a device (S-CSCF) for multimedia authentication 
of a user equipment in a multimedia domain through an access 
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In case the space in any of the preceding boxes is not sufficient 
Continuation of: BOX V 

network (UMTS) (se section 6.1 in Dl) . According to Dl, 
registration/authentication of a user equipment by the S- CSCF 
must be performed prior to the user to get access to a 
multimedia service. 

The invention according to new independent claims 1, 15, 23 
filed with the letter of 25/07/2005 differs from the 
device/method/apparatus in Dl in that a step is performed to 
decide that an implicit authentication between the user and 
the IMS domain can take place based on a previous 
authentication of the user by the network, thus skipping the 
needs for an explicit authentication, which explicit 
authentication is a requirement in Dl. 

Therefore, the invention according to new claims 1-34 
satisfies the requirements of novelty, inventive step and 
industrial applicability. 

Additional documents D2-D5 are considered to represent the 
general state of the art, and the invention according to 
claims 1-34 is not disclosed by any of those documents. 
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CLAIMS 

1. A device for Multimedia authentication of a user (UE) 
accessing a Multimedia domain (IMS) through an access 
network (UMTS; WLAN; GPRS; CDMA 2000), the device for use 
in, or in co-operation with, a subscriber server (HSS; 
AAA) of the access network holding authentication data 
for the user and accessible to the Multimedia domain 
(IMS) , the device characterised by comprising: 

- means for deciding that an implicit authentication 
between the user (UE) and the Multimedia domain (IMS) 
can take place based on a previous authentication of 
the user (UE) by the access network (UMTS; WLAN; GPRS; 
CDMA 2000) , thus skipping the needs for an explicit 
authentication; and 

- means for instructing a serving entity (S-CSCF) in 
charge of authenticating the user (UE) in the 
Multimedia domain (IMS) that implicit authentication 
can take place. 

2. The device of claim 1, wherein the means for deciding 
that an implicit authentication can take place includes 
means for determining the potential security of the 
signalling path to access the Multimedia domain through 
said access network. 

3. The device of claim 1, wherein the means for instructing, 
the serving entity that an implicit authentication can 
take place include means for indicating (Implicit 
Authentication) that the final decision is on the user's 
side (UE) which might force an explicit authentication. 

4. The device of claim 1, wherein the means for instructing 
the serving entity that an implicit authentication can 
take place include means for indicating (Implicit 
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Authentication by network) that this is a final decision 
taken by the network and no explicit authentication can 
be carried out. 

The device of claim 1, further including means (Implicit 
Authentication; Implicit Authentication by the network) 
for notifying the user's equipment that an implicit 
authentication of the user for accessing the Multimedia 
domain can by carried out by the network. 

The device of claim 1, wherein the means for deciding 
that an implicit authentication between the user (UE) and 
the Multimedia domain (IMS) can take place includes means 
for receiving a proposal of implicit authentication (SSO 
proposal) originated from the user's equipment (UE) . 

The device of claim 3, further comprising means for 
receiving an indication (SSO enabled) originated from the 
user's equipment (UE) to confirm the acceptance of the 
implicit authentication proposed by the network. 

The device of claim 7, further comprising means for 
indicating (Implicit Authentication user-confirmed) to 
the serving entity (S-CSCF) in charge of authenticating 
the user in the Multimedia domain (IMS) that the user has 
confirmed the implicit authentication. 

The device of claim 8, further comprising means for 
providing additional authentication data to said serving 
entity (S-CSCF) , said additional authentication data 
including at least one element selected from a group of 
elements comprising: authentication type; access 
information; and authentication timestamp. 

A user's equipment (UE) enabled to get access to a 
Multimedia domain (IMS) through an access network (UMTS; 
WLAN; GPRS; CDMA 2000), and arranged to carry out a first 
explicit Authentication procedure with the access network 
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and a second explicit authentication procedure with the 
Multimedia domain (IMS), the user's equipment (UE) 
characterised by having means for processing at least one 
notification selected from a group of notifications 
5 including: 

- a notification (Implicit Authentication; Implicit 
Authentication by the network) received from the 
Multimedia domain (IMS) indicating that an implicit 
authentication for the user can be carried out by the 

1 0 network ; and 

- a notification (SSO Proposal) proposed from the user's 
equipment (UE) towards the Multimedia domain (IMS) to 
carry out an implicit authentication between said 
user's equipment and Multimedia domain, 

15 11. The user's equipment (UE) of claim 10, wherein the means 
for processing a notification received from the 
Multimedia domain (IMS) includes means for receiving and 
processing an indication (Implicit Authentication) that 
the final decision is on the user's equipment (UE) which 

20 might force an explicit authentication. 

12. The user's equipment (UE) of claim 11, further comprising 
means for sending towards the Multimedia domain (IMS) an 
indication (SSO enabled) to confirm the acceptance of the 
implicit authentication proposed by the network. 

25 13. The user's equipment (UE) of claim 12, further comprising 
means for providing additional authentication data 
towards the Multimedia domain (IMS) , said additional 
authentication data including at least one element 
selected from a group of elements comprising: 

30 authentication type; access information; and 

authentication timestamp. 
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The user's equipment (UE) of claim 10, wherein the means 
for processing a notification received from the 
Multimedia domain (IMS) includes means for receiving and 
processing an indication (Implicit Authentication by the 
network) that the implicit authentication is a final 
decision taken by the network and no explicit 
authentication can be carried out. 

A method for authenticating a user (UE) accessing a 
Multimedia domain (IMS) through an access network (UMTS; 
WLAN; GPRS; CDMA 2000) , the method comprising: 

- a step of authenticating the user in the access 
network (UMTS; WLAN; GPRS; CDMA 2000) where the user 
accesses through, the access network having a 
subscriber server (HSS; AAA) with authentication data 
for the user and accessible to the Multimedia domain 
(IMS) ; and 

- a step of registering the user (UE) into the 
Multimedia domain (IMS) ; 

the method characterized by comprising: 

- a step of deciding that an implicit authentication 
between the user (UE) and the Multimedia domain (IMS) 
can take place based on the previous authentication of 
the user (UE) in the access network (UMTS; WIAN; GPRS; 
CDMA 2000) , thus skipping the needs for an explicit 
authentication; and 

- a step of instructing a serving entity (S-CSCF) in 
charge of authenticating the user (UE) in the 
Multimedia domain (IMS) that implicit authentication 
can take place. 

. The method of claim 15, further comprising a step of 
notifying from the Multimedia domain (IMS) (Implicit 
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Authentication; Implicit Authentication by network) to 
the user's equipment (UE) that implicit authentication of 
the user for accessing the Multimedia domain can by 
carried out. 

5 17. The method of claim 15, wherein the step of deciding that 
an implicit authentication can take place includes a step 
of determining the potential security of the signalling 
path to access the Multimedia domain through said access 
network . 

10 18. The method of claim 15, wherein the step of deciding that 
an implicit authentication can take place includes a step 
of proposing from the user's equipment (UE) towards the 
Multimedia domain (IMS) an implicit authentication to be 
carried out between said user's equipment and Multimedia 

1 5 domain . 

19. The method of claim 15, wherein the step of instructing 
the serving entity that an implicit authentication can 
take place include a step of indicating (Implicit 
Authentication by the network) that this is a final 

20 decision taken by the network and no explicit 

authentication can be carried out. 

20. The method of claim 15, wherein the step of instructing 
the serving entity that an implicit authentication can 
take place includes a step of indicating (Implicit 

25 Authentication) that the final decision is on the user's 

equipment which might force an explicit authentication. 

21. The method of claim 20, further comprising a step of 
confirming (SSO enabled) from the user's equipment (UE) 
acceptance of an implicit authentication proposed by the 

30 network . 

22. The method of claim 21, further comprising a step of 
indicating (Implicit Authentication user- confirmed) to 
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the serving entity (S-CSCF) in charge of authenticating 
the user (UE) in the Multimedia domain (IMS) that the 
user has confirmed the implicit authentication. 

A serving entity (S-CSCF) in charge of authenticating a 
user (UE) in the Multimedia domain (IMS) when the user 
accesses thereto through an access network (UMTS; WLAN; 
GPRS; CDMA 2000) where said user had been previously 
authenticated, the serving entity (S-CSCF) characterized 
by comprising: 

- means for receiving and processing instructions 
(Implicit Authentication; Implicit Authentication by 
the network) originated from the device of claim 1 
indicating that an implicit authentication can take 
place based on the previous authentication of the user 
(UE) by the access network (UMTS; WLAN; GPRS; CDMA 
2000) ; and 

- means for notifying (Implicit Authentication; Implicit 
Authentication by the network) to a user's equipment 
(UE) that an implicit authentication of the user for 
accessing the Multimedia domain (IMS) can by carried 
out by the network. 

The serving entity (S-CSCF) of claim 23, also comprising 
means for receiving an indication (SSO enabled) 
originated from the user' s equipment (UE) of claim 12 to 
confirm acceptance of an implicit authentication proposed 
by the network. 

The serving entity (S-CSCF) of claim 23, further 
comprising means for receiving an indication (Implicit 
Authentication user-confirmed) originated from the device 
of claim 8 indicating that the user has confirmed the 
implicit authentication. 
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The serving entity (S-CSCF) of claim 25, further 
comprising means for checking the matching of additional 
authentication data respectively received from the device 
of claim 9 and from the user's equipment of claim 13 in 
order to provide an extra security support. 

The serving entity (S-CSCF) of claim 26, wherein said 
additional authentication data include at least one 
element selected from a group of elements comprising: 
authentication type; access information; and 
authentication timestamp. 

The serving entity (S-CSCF) of claim 23, wherein the 
means for notifying the user (UE) that an implicit 
authentication can by carried out by the network includes 
means for indicating (Implicit Authentication by the 
network) the user (UE) that the implicit authentication 
is a final decision taken by the network and no explicit 
authentication can be carried out. 

A Proxy entity (P-CSCF) intended to act as an entry point 
into the Multimedia domain (IMS) for users (UE) accessing 
thereto through an access (UMTS; WLAN; GPRS ; CDMA 2000) 
network where the user had been previously authenticated, 
characterized by having means for processing at least one 
notification selected from a group of notifications 
including : 

- a notification (Implicit Authentication; Implicit 
authentication by the network) sent towards the user's 
equipment (UE) to indicate that an implicit 
authentication of the user for accessing the 
Multimedia domain (IMS) can by carried out by the 
network ; and 

- a notification (SSO Proposal) received from the user's 
equipment (UE) to propose an implicit authentication 
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towards the Multimedia domain (IMS) between said 
user's equipment and Multimedia domain. 

The Proxy entity (P-CSCF) of claim 29 further comprising 
means for receiving an indication (SSO enabled) from the 
user's equipment (UE) accepting the implicit 
authentication proposed by the network. 

The Proxy entity (P-CSCF) of claim 29 further comprising 
means for indicating (Implicit Authentication by the 
network) to the user (UE) that the implicit 
authentication is a final decision taken by the network 
and no explicit authentication can be carried out. 

An interrogating entity (I-CSCF) querying a subscriber 
server (HSS; AAA-3GPP) in the Multimedia domain (IMS) 
about a user (UE) having accessed said Multimedia domain 
through an access network (WLAN; GPRS), the interrogating 
entity having means for receiving a registration request 
from the user, and means for acknowledging such 
registration towards the user, and characterized by 
comprising means for transmitting an indication (Implicit 
Authentication; Implicit authentication by the network) 
towards the user (UE) that an implicit authentication of 
the user for accessing the Multimedia domain (IMS) can by 
carried out. 

The interrogating entity (I-CSCF) of claim 32 further 
comprising: 

- means for receiving an indication (SSO enabled; SSO 
proposal) originated from the user's equipment (UE) to 
enable an implicit authentication; and 

- means for transmitting such indication from the user's 
equipment towards at least one entity selected from a 
group of entities comprising the device of claim 1 and 
the serving entity (S-CSCF) of claim 23. 
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The interrogating entity (I-CSCF) of claim 32 further 
comprising means for transmitting towards the user (UE) 
an indication (Implicit Authentication by the network) 
that the implicit authentication is a final decision 
taken by the network and no explicit authentication can 
be carried out. 
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